CVE-2024-51224 - Vulnerability Analysis
Medium | CVSS: 4.8 | Last Updated: March 24, 2026
Phpgurukul Vehicle Record Management System - Stored XSS
Published: March 23, 2026 | Updated: March 24, 2026 | PoC Available | Remote Exploitable
Overview
Phpgurukul Vehicle Record Management System v1.0 contains multiple stored XSS vulnerabilities caused by improper input sanitization of parameters in /admin/edit-vehicle.php. Attackers can execute arbitrary scripts via crafted payloads. The exploit requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 4.8
Impact
Attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version with proper input sanitization and output encoding.
Details
- CVE ID: CVE-2024-51224
- Severity: Medium
- CVSS Score: 4.8
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N